Abstract: Particular embodiments described herein provide for a wearable electronic device with a biometric sensor and logic. At least a portion of the logic is implemented in hardware. The logic is configured to receive input data indicative of biometric input and attempt to authenticate the input data based, at least in part, on at least one biometric credential of an authorized user. The logic is configured to establish a wireless connection to a smart device, determine whether the smart device is included in a trust group of one or more smart devices, and send a communication to unlock the smart device when the input data is successfully authenticated and when the trust group includes the smart device.

Abstract: An apparatus and method for searching for similar malicious code based on malicious code feature information. The apparatus includes a malicious code registration unit for registering input new malicious code as a new malicious code sample, and extracting and registering detailed information of the new malicious code sample, a malicious code analysis unit for analyzing the detailed information of the new malicious code sample, a malicious code DNA extraction unit for extracting malicious code DNA information including malicious code feature information, a malicious code DNA comparison unit for comparing the extracted malicious code DNA information with malicious code DNA information of prestored malicious code samples, and calculating similarities therebetween, and a similar malicious code search unit for calculating, based on the calculated similarities, all similarities between the new malicious code sample and prestored malicious code samples, and extracting a specific number of malicious code samples.

Abstract: Methods, apparatus, and articles of manufacture to encode auxiliary data into text data and methods, apparatus, and articles of manufacture to obtain encoded data from text data are disclosed. An example method includes assigning encoded data units to respective ones of a plurality of groups, the encoded data units including text data, identifying a symbol present in a first one of the encoded data units assigned to a first one of the groups, and outputting auxiliary data embedded in the encoded data units based on the symbol and based on the one of the groups of the first one of the encoded data units.

Abstract: A firewall system determines whether a protocol used by an incoming data packet is a standard protocol compliant with Request For Comment (RFC) standards. In the event the protocol is RFC compliant, the firewall transmits the packet to the recipient according to firewall policies regarding the standard protocol. If the protocol is not that of an RFC standard, the firewall determines whether the protocol matches an RFC-exception protocol in a RFC-exception protocol database. If the protocol does match an RFC-exception, the firewall may transmit the packet to the recipient according to firewall policies regarding the RFC-exception protocol. If it does not match an RFC-exception, the firewall may transmit the packet or protocol to a support system where it may be quarantined until it is approved based on a decision that the protocol is safe and/or widely adopted.

Abstract: A host machine has a web browser. A user of the host machine also has a mobile device. A time-based, one-time password (TOTP) authentication scheme leverages a plug-in associated with the browser to automatically inject a received TOTP code into an element of an HTML-based TOTP authentication page, and to programmatically submit the HTML form (e.g., by mimicking the “click to submit” button on the TOTP form). Typically, the TOTP code is obtained following a successful completion of a push notification interaction between a cloud service, which stores TOTP shared secrets that are used to generate the TOTP codes, and the user of the mobile device.

Abstract: Aspects of image capture challenge access are described. In one embodiment, an access service of a computing device directs an imaging system to capture an image including facial fiducial features and determine whether the features correspond to an expected set of features. The access service may also issue a request for a response including, for example, a request to tilt or move the computing device, move an individual's face, or contort an individual's facial features. After the request for the response, the access service may capture a response image. The response image may include an adjustment to facial fiducial features. The access service may further determine whether the adjustment to the facial fiducial features corresponds to the request. Depending upon whether the adjustment corresponds to the request, the access service may permit or deny access to features of the computing device.

Abstract: In one embodiment a method, system and apparatus is described for detecting a malicious network connection, the method system and apparatus including determining, for each connection over a network, if each connection is a persistent connection, if, as a result of the determining, a first connection is determined to be a persistent connection, collecting connection statistics for the first connection, creating a feature vector for the first connection based on the collected statistics, performing outlier detection for all of the feature vector for all connections over a network which have been determined to be persistent connections, and reporting detected outliers. Related methods, systems and apparatus are also described.

Abstract: Convenient sharing of information among authorized network users may be facilitated by allowing a user to send information originating from multiple applications in aggregate form to another user, e.g., using a secure messaging service. In scenarios where data access is restricted, a server may check the recipient's access privileges prior to forwarding the information to her.

Abstract: A processor of an aspect includes a plurality of packed data registers, and a decode unit to decode an instruction. The instruction is to indicate one or more source packed data operands. The one or more source packed data operands are to have four 32-bit results of four prior SM4 cryptographic rounds, and four 32-bit values. The processor also includes an execution unit coupled with the decode unit and the plurality of the packed data registers. The execution unit, in response to the instruction, is to store four 32-bit results of four immediately subsequent and sequential SM4 cryptographic rounds in a destination storage location that is to be indicated by the instruction.

Abstract: An information processing device includes a display that displays an input screen including a plurality of images, an image selecting section that selects at least one image within the input screen in accordance with an input operation from a user, and a controller that controls the information processing device on a basis of the image selected by the image selecting section.

Abstract: Embodiments of the present invention relate to generating challenge response sets utilizing semantic web technology. In response to detecting an authentication session for a user, a computing device generates a first challenge question that is semantically related to a second challenge question previously responded to by the user, wherein the authentication session seeks to validate an identification of the user. The computing device determines whether a response to the challenge question by the user is valid. In response to determining that the response to the challenge question by the user was valid, the computing device generates a third challenge question or a notification that the response to the challenge question validates the identification of the user.

Abstract: A computing system includes a first security central processing unit (SCPU) of a system-on-a-chip (SOC), the first SCPU configured to execute functions of a first security level. The computing system also includes a second SCPU of the SOC coupled with the first SCPU and coupled with a host processor, the second SCPU configured to execute functions of a second security level less secure than the first security level, and the second SCPU executing functions not executed by the first SCPU.

Abstract: An automatic malignant code collecting system comprises a first database configured to store detection target website information, a virtual machine controller configured to read the website information from the first database and transmit the website information, a first virtual machine configured to periodically gain access to a website using the website information and to collect a malignant code and evidence thereof if an abnormal event occurs when the first virtual machine gains access to the website, a second virtual machine configured to periodically gain access to the same website as accessed by the first virtual machine using the website information received from the virtual machine controller and to collect a malignant code and evidence thereof if an abnormal event occurs when the second virtual machine gains access to the website, and a second database configured to store the malignant code and the evidence thereof collected by the first virtual machine and the second virtual machine.

Abstract: A mechanism is described for facilitating dynamic adjustments to features of computing devices according to one embodiment. A method of embodiments, as described herein, includes automatically monitoring usage patterns relating to a user of computing device. The usage patterns may be based on audio user characteristic or visual user characteristics relating to usage of the computing device. The method may further include automatically monitoring environment patterns relating to the usage of the computing device. The environment patterns may be based on surrounding environment having the user and the computing device. The method may further include facilitating dynamic adjustment of one or more features of the computing device based on one or more of the usage patterns, environment patterns, and user preferences.

Abstract: This invention includes a system and method to enable a device to determine the presence information of another device over a secure communication network. First, the device and a presence server establish a secure connection. Next, while the initial secure connection with the presence server is established, the device generates a randomly created token and provides it to the presence server. The token is used as a shared-secret by the device and the presence server to secure future presence communications over a non-secure connection. Next, without the need to again enter a password or establish a secure connection with the presence server, the device uses the shared-secret to sign, encrypt and convey presence information to the presence server over an arbitrary connection. Finally, the presence server may share the first device's presence information with another device.

Abstract: A system and method for managing licensing of virtual environment applications. A licensing module of a first installed virtual environment application detects installation of affiliated applications and gives them a group licensing key for passing it to the licensing server. The licensing server derives licensing parameters of the affiliated applications from the group key and gives the licenses to the affiliated applications, in case of successful validation. The licensing system provides protection from un-authorized copying of the applications. If an affiliated virtual environment application is copied (or moved) to another hardware node without its virtual environment, the licensing server will not give the license activation key to this virtual environment application.

Abstract: Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting the class definition starting from the left; (iii) a value (M) indicating a maximum number of consecutive data segment values meeting the class definition; and (iv) a value (R) indicating a number of consecutive data segment values meeting the class definition starting from the right. Corresponding values for each data block are then aggregated to determine a maximum number of consecutive data segment values meeting the class definition for the entire data stream.

Abstract: A device receives data, identifies a context associated with the data, and identifies a script, within the data, associated with the context. The device parses the script to identify tokens, forms nodes based on the tokens, and assembles a syntax tree using the nodes. The device renames one or more identifiers associated with the nodes and generates a normalized text, associated with the script, based on the syntax tree after renaming the one or more identifiers. The device determines whether the normalized text matches a regular expression signature and processes the data based on determining whether the normalized text matches the regular expression signature. The device processes the data by a first process when the normalized text matches the regular expression signature or by a second process, different from the first process, when the normalized text does not match the regular expression signature.

Abstract: A system for secure key management including a secondary device comprising a programmable hardware component and an associated secure data storage, wherein the secondary device comprises a one-way communications link to receive input unilaterally from a computing device, an encryption key generator to generate and store encryption keys on the secure data storage, and an encryption key distribution module to distribute encryption keys to one or more destinations on a computer network through a communications interface component, wherein the distribution is adapted to bypass a central processor of the computing device. A method is also provided.

Abstract: A method and system of authenticating a service to access data respective of a user on a low-end mobile device are provided. The method includes receiving a request from a service to access data respective of the user device, wherein the user device is a low-end mobile device; sending the user device a first authentication token over a first communication path; receiving a second authentication token over a second communication path, wherein the second authentication token is received from a host server hosting the service; comparing the first authentication token to the second authentication token; and allowing access to the data upon determination that the first authentication token matches the second authentication token.